Spotify API workflow

This is more of a general question regarding the spotify API and the different authorization flows– Authorization Code Flow, Client Credentials, and Implicit Grant.

I'm looking to build a website that can play tracks on spotify, as well as control playback(play,pause,skip to next track). Particularly, I need the site to play the playlist/tracks of a specific artist as well as have the ability to add the playlist to the user's personal playlists. The only way to do this is to get an auth token to allow the site to communicate with the spotify API and their personal account correct? Which flow would be recommended for this?


You could use either the Authorization Code flow or the Implicit Grant flow.

The Implicit Grant flow does not require the client secret, so it can be implemented without a backend component to your system (ie static frontend website), but it yields a time-limited token, limited to one hour. After the token expires, the user will have to log in to Spotify again.

The Authorization Code flow, on the other hand, requires a client secret (which must be stored securely and never sent off-server) therefore must be implemented on the backend, but yields both a time-limited access token and a refresh token to let your app request new access tokens for the user once the initial token has expired. The refreshes will continue to yield new access tokens unless the user revokes your app's permission in their settings on spotify.com.

链接地址: http://www.djcxy.com/p/55646.html

上一篇: 如何通过spotify api获取艺术家的所有曲目?

下一篇: Spotify API工作流程